The Pace has been updated with changes reflecting feedback from Elliotte and Thomas.
- James Elliotte Harold wrote: > James M Snell wrote: > >> 14.4 XML External Entities and Links within Atom document >> >> Atom Feed and Entry documents MAY utilize XML External Entities as >> defined in section 4.2.2 of [REC-XML]. However, because the Atom >> Syndication Format does not require DTD validation, Atom implementations >> are not required to support external entities. Implementations that >> choose to support external entities within Atom documents need to be >> aware of the risks inherent in doing so. Specifically, external >> entities are subject to all of the same security concerns as HTTP GET >> operations and run the risk of signficantly altering the semantics of >> the Atom document. >> > > The sentence, "However, because the Atom Syndication Format does not > require DTD validation, Atom implementations are not required to support > external entities." is not a correct logical inference. > > I suggest simply, "Atom implementations are not required to load > external entities. However, implementations that do choose..." > >
